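<?php
/*
 * Login module for catalogue site owners.
 *
 * Expects the including script to provide: $sql (DB wrapper exposing query(),
 * num_rows(), fetch_assoc(), escape_string() and error), $template, $lang,
 * $ua (client user agent string), $m, $nocache, $css and the helpers
 * redirect(), gen_uri(), put_error(), cleanup() and switch_version() --
 * presumably set up by the front controller; verify against the caller.
 *
 * Flow: an already-authenticated session is bounced to the account page.
 * On POST, a currently banned ip/ua pair is refused, then the submitted
 * id/password pair is checked against CATALOGUE_SITES; on success the
 * client's ip, ua and phone number are recorded, the session id is rotated,
 * and the user is redirected to the account page. Every other outcome
 * renders the login form with an error block.
 */

$_SESSION['account'] = isset( $_SESSION['account'] ) ? $_SESSION['account'] : NULL;

// Already authenticated earlier
if( $_SESSION['account'] )
{
	redirect( gen_uri('account') );
}

$template_vars['header'] = array(
'TITLE' => $lang['LOGIN'],
'CSS' => $css
);

$template_vars['body'] = array();

$template->set_vars('header', $template_vars['header']);

if( empty($_POST) == false )
{
	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
	$password = isset( $_POST['password'] ) ? (string) $_POST['password'] : '';

	// get_magic_quotes_gpc() was removed in PHP 8; the guard keeps this module
	// loadable there while preserving the old behaviour where it still exists.
	if( function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() )
	{
		$password = stripslashes( $password );
	}

	// Everything interpolated into SQL below goes through the driver's own
	// escaping (the old mysql_escape_string() call is gone from PHP 7+ and is
	// not charset-aware). $id is already an int. REMOTE_ADDR is set by the
	// server, but it is escaped anyway so the ban lookup cannot be broken by
	// an unexpected value.
	$remote_addr = $sql->escape_string( isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '' );
	$escaped_ua = $sql->escape_string( $ua );

	// Drop bans whose expiry time has passed
	if( !$sql->query("DELETE FROM `" . CATALOGUE_BANNED . "` WHERE `time` < UNIX_TIMESTAMP();") )
	{
		put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
	}

	// Is this ip/ua pair currently banned? (rows are presumably inserted elsewhere;
	// nothing in this module writes to CATALOGUE_BANNED)
	if( !$sql->query("SELECT * FROM `" . CATALOGUE_BANNED . "` WHERE `ip` = INET_ATON('" . $remote_addr . "') AND `ua` = '" . $escaped_ua . "';") )
	{
		put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
	}

	if( $sql->num_rows() > 0 )
	{
		$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_BANNED']));
	}
	else if( $password === '' )
	{
		$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_EMPTY_PASSWORD']));
	}
	else if( $id === 0 )
	{
		$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_EMPTY_ID']));
	}
	else
	{
		if( !($qresult = $sql->query("SELECT * FROM `" . CATALOGUE_SITES . "` WHERE `id` = " . $id . " AND `owner` = 'user';")) )
		{
			put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
		}

		if( $sql->num_rows() > 0 )
		{
			$site = $sql->fetch_assoc($sql->result);

			// Stored passwords are unsalted md5 hex digests (legacy schema).
			// hash_equals() is a strict, constant-time comparison; the previous
			// loose == let a stored "0e..." digest match any password whose md5
			// also looks like a numeric string. Moving the column to
			// password_hash()/password_verify() is the real fix, but needs a
			// schema change outside this module. Requires PHP >= 5.6.
			if( hash_equals( (string) $site['password'], md5($password) ) )
			{
				$phone_number = isset( $_SERVER['X_NOKIA_MSISDN'] ) ? $_SERVER['X_NOKIA_MSISDN'] : (isset( $_SERVER['X_NETWORK_INFO'] ) ? $_SERVER['X_NETWORK_INFO'] : '' );
				$phone_number = cleanup($phone_number);

				if( !$sql->query("UPDATE `" . CATALOGUE_SITES . "` SET `current_ip` = INET_ATON('" . $remote_addr . "'), `current_ua` = '" . $escaped_ua . "', `current_phone_number` = '" . $sql->escape_string($phone_number) . "' WHERE `id` = " . $id . ";") )
				{
					put_error(DBMS_ERROR, htmlspecialchars($sql->error['message']), __LINE__, __FILE__);
				}

				// Rotate the session id on privilege change so an id obtained
				// before login cannot be reused afterwards (session fixation).
				// $_SESSION contents survive the rotation.
				if( session_id() !== '' )
				{
					session_regenerate_id( true );
				}

				$_SESSION['account'] = $id;

				redirect( gen_uri('account') );
			}
			else
			{
				$template->set_block_vars('body', 'error', array('MESSAGE' => $lang['ERR_LOGIN_FAILED']));
			}
		}
		else
		{
			$template->set_block_vars('body', 'error', array('MESSAGE' => sprintf($lang['ERR_SITE_DNE'], $id)));
		}
	}
}

$template_vars['body'] = array(
'ID' => $lang['ID'],
'PASSWORD' => $lang['PASSWORD'],
'SUBMIT' => $lang['SUBMIT'],
'PATH' => gen_uri($m, '', $nocache),
'FORGOT_HREF' => gen_uri('forgot'),
'FORGOT' => $lang['FORGOT'],
'BACK_HREF' => gen_uri('index'),
'BACK' => $lang['BACK'],
'NOCACHE' => $nocache
);

$template_vars['footer'] = array(
'SWITCH_VERSION' => switch_version($m, '', $nocache),
'COUNTER' => '<a href="http://waplog.net/ru/c.shtml?29269"><img src="http://c.waplog.net/ru/29269.cnt" alt="waplog" /></a><br />'
);

// Header vars are set a second time here, as in the original; kept in case
// set_vars() is not idempotent -- confirm against the Template class.
$template->set_vars('header', $template_vars['header']);
$template->set_vars('body', $template_vars['body']);
// No closing ?> tag: stray whitespace after it would be sent to the client
// and break the redirect() headers above.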